nginx 0day exploit for nginx + fastcgi PHP
staff at krecio.pl
Sat May 22 05:17:59 MSD 2010
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME,
and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi
; this to 1 will cause PHP CGI to fix it's paths to conform to the
spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should
fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
2010/5/22 Cliff Wells <cliff at develix.com>:
> On Fri, 2010-05-21 at 10:48 -0700, Michael Shadle wrote:
>> Default is zero.
> I can't find a single installation of PHP (amongst about 35 virtual
> servers I checked) where this option isn't commented out (so defaulting
> to 0).
> Is there some widely-used PHP application that requires this be on?
> nginx mailing list
> nginx at nginx.org
More information about the nginx